Today we are announcing the availability of Cumulative Updates (CUs) for Exchange Server 2016 and Exchange Server 2019. These CUs include fixes for customer-reported issues along with all previously released Security Updates (SUs), including the updates released in the March 2022 SUs. A full list of fixes is contained in the KB article for each CU, but we also want to highlight some important changes.
We’re thrilled to announce the availability of new features in the CU for Exchange Server 2019, such as an updated Exchange Management Tools role that enables customers who run Exchange server(s) only for recipient management purposes to shut down their last Exchange server(s) and use Windows PowerShell for recipient management. We’re also excited to announce a change to the hybrid server license for Exchange Server 2019, as detailed below.
Servicing Model Changes
First, we’d like to share some changes to how we deliver updates (aka our servicing model) for Exchange Server. Historically, we have released quarterly CUs in March, June, September, and December. Customers have told us this is too frequent and that it hinders their ability to stay current (which for Exchange hybrid customers is a requirement). Customers also tell us that December is not a good time to release a CU, which is why we didn’t release any in December 2021.
Today, we are announcing changes to our update delivery model for Exchange Server. We are moving to a release cadence of two CUs per year – releasing in H1 and H2 of each calendar year, with general target release dates of March and September. But our release dates are driven by quality, so we might release updates in April or October, or some other month, depending on what we’re delivering.
The next CU will be released in H2 of 2022, and it will be for Exchange Server 2019 only; mainstream support has ended for Exchange Server 2013 and Exchange Server 2016. We will release SUs as needed while those versions are in extended support.
A CU release every 6 months might be too long to wait for some updates, so we may also release hotfixes between CU releases.
With these service model changes, being current still means running the latest CU or the one immediately preceding it (N or N-1), but the ‘currency window’ is now extended from 6 months to 1 year.
Exchange Management Tools Update
Until today, organizations that have all their mailboxes in Exchange Online and use Active Directory (AD) for identity management must have a running Exchange server in their environment in order to perform recipient management activities.
Today, we are excited to announce that Exchange Server 2019 CU12 includes an updated Exchange Management Tools role designed to address the specific customer scenario where an Exchange server is run only because of recipient management requirements.
The updated Management Tools role eliminates the need to have a running Exchange server for recipient management in this scenario. If you have only a single Exchange server that you use only for recipient management, you can install the updated tools on a domain-joined workstation, shut down your last Exchange server, and manage recipients using Windows PowerShell. For more information, see Manage recipients in Exchange Server 2019 Hybrid environments.
Hybrid Experience Updates
There are two more exciting updates for hybrid customers in Exchange Server 2019 CU12.
|Cmdlet|Description|
|---|---|
|Get-HybridAgent|View installed Hybrid Agents|
|Update-HybridApplication|Edit parameters of a Hybrid Application|
|Get-HybridApplication|View all Hybrid Applications|
|Remove-HybridApplication|Remove a Hybrid Application|
Support for Windows Server 2022
CU12 also introduces support for running Exchange Server 2019 on Windows Server 2022 and in environments that use Windows Server 2022 Active Directory servers.
Support for Exchange Server and Windows Server 2022 is detailed below and documented in the Exchange Server supportability matrix along with details on other Exchange Server operating system support.
|Exchange Server Version|Windows Server 2022 OS|Windows Server 2022 AD Servers|
|---|---|---|
|Exchange Server 2019| | |
Support for TLS 1.3
By default, Windows Server 2022 uses Transport Layer Security (TLS) 1.3, the latest version of the Internet's most deployed security protocol. TLS 1.3 encrypts data to provide a secure communication channel between two endpoints. It eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. Support for TLS 1.3 will be added to Exchange Server 2019 in 2023.
New Microsoft Bounty Program for Exchange Server
We strongly believe that close partnerships with security researchers help make customers more secure. Security researchers play an integral role in the ecosystem by discovering vulnerabilities missed in the software development process, and each year we partner together to better protect billions of users worldwide.
Today, we are also sharing that we have launched a security vulnerability bounty program for Microsoft Exchange Server via the Microsoft Applications and On-Premises Servers Bounty Program. Individuals across the globe can now receive monetary rewards for submitting security vulnerabilities found in Exchange Server shipping on the latest, fully patched version of Windows. For the new bounty program, we request you submit bugs on any supported version of Exchange Server.
The KB articles that describe the fixes in each release and product downloads are as follows:
Known Issues With This Release
Please see CU release Knowledge Base articles for known issues.
Microsoft recommends that all customers test the deployment of an update in a lab environment to determine the proper installation process for your production environment.
You can find information on preparing Active Directory here. All Exchange-made schema changes are tracked here.
For installation best practices, see Upgrade Exchange to the latest Cumulative Update. See also the Exchange Update Wizard for detailed installation steps.
When installing, ensure that the Windows PowerShell Script Execution Policy is set to Unrestricted on the server. To verify the policy settings, run Get-ExecutionPolicy from PowerShell on the Exchange server. If the policy is NOT set to Unrestricted, use these steps to set it to Unrestricted.
If you plan to install the update in unattended mode from PowerShell or a command prompt, make sure you specify either the full path to Setup.exe, or use a “.” in front of the command when running Setup directly from the folder containing the CU. If you do not do either of these, Setup may indicate that it completed successfully when it did not. Read more here.
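The two checks above, as an added PowerShell example (not part of the original post and not Microsoft's own script): it confirms the execution policy, starts Setup.exe by its full path, and compares the installed build before and after rather than relying on Setup's own success message. The media path `D:\`, the upgrade mode and the choice of license switch are assumptions to adjust for your environment.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the Exchange server with the CU media mounted.
param(
    # Assumption: folder or drive root that contains the CU's Setup.exe.
    [string]$CuMedia = 'D:\',
    # Assumption: which license switch to pass is the administrator's choice.
    [string]$LicenseSwitch = '/IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF'
)

function Get-InstalledExchangeBuild {
    # ExSetup.exe lives in the Exchange bin folder, which is on PATH after install.
    $cmd = Get-Command ExSetup.exe -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $cmd) { return $null }
    $v = $cmd.FileVersionInfo
    [version]::new($v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart)
}

# 1. Execution policy, as the post requires during installation.
$policy = Get-ExecutionPolicy
if ($policy -ne 'Unrestricted') {
    throw "Execution policy is '$policy'; the post asks for Unrestricted while installing."
}

# 2. Always use the full path to the CU's Setup.exe.
$setup = Join-Path -Path $CuMedia -ChildPath 'Setup.exe'
if (-not (Test-Path -LiteralPath $setup -PathType Leaf)) {
    throw "No Setup.exe at '$setup'. Not falling back to a bare 'Setup.exe' lookup."
}

# Show what a bare 'Setup.exe' would resolve to through PATH, if anything.
$bare = Get-Command Setup.exe -CommandType Application -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($bare -and $bare.Path -ne $setup) {
    Write-Warning "A bare 'Setup.exe' resolves to $($bare.Path), not the CU media."
}

# 3. Run unattended and verify the outcome independently of Setup's message.
$before = Get-InstalledExchangeBuild
$proc = Start-Process -FilePath $setup -ArgumentList '/Mode:Upgrade', $LicenseSwitch `
    -Wait -PassThru -NoNewWindow
$after = Get-InstalledExchangeBuild

if ($proc.ExitCode -ne 0) {
    throw "Setup exited with code $($proc.ExitCode); see $env:SystemDrive\ExchangeSetupLogs\ExchangeSetup.log."
}
if ($before -and $after -le $before) {
    throw "Setup returned 0 but the installed build is '$after' (was '$before')."
}
"Installed build changed from $before to $after"
```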
NOTE: Customers in Exchange hybrid deployments and those using Exchange Online Archiving with an on-premises Exchange deployment are required to deploy the latest CU for product support.
For the latest information on Exchange Server announcements please see What's New in Exchange Server and the Exchange Server Release Notes.
NOTE: Documentation may not be available at the time this post is published.
Updates to this blog post:
The Exchange Server team
Finally - sweet!
I am surprised that this new role is the direction taken here. Wasn't the goal for some light-weight AAD connect agent to allow for on-prem recipient administration from the cloud? Is that still coming?
The KB links don't work, at least from my workstation.
@Evgenij Smirnov "NOTE: Documentation may not be available at the time this post is published."
This is pretty normal for Exchange documents. The KBs usually don't work for an hour or two.
Hello Exchange Team
Any news / updates related to the next version of Exchange? It's been months... not even alpha, beta, pre-RTM releases.
Last time I checked the Microsoft web site it was about August/September 2021 time frame for the release.
With the release of Windows Server 2022 it would be nice to have Exchange 2022 running along as well :)
Please let us know.
Good info. Only the Exchange Server 2016 CU23 UM Language Packs link is working. The KB link must be updated properly. @The_Exchange_Team
@gauravkumra, @Evgenij Smirnov, @Vadivelu_B - this is a common occurrence when waiting on CDNs to update. That's why "NOTE: Documentation may not be available at the time this post is published." is added towards the end of the post.
They should be working in a few hours.
What are the system requirements for the Exchange 2019 Management Tools Role? I would not figure it would be as strenuous as Exchange 2019 itself.
Currently, we are on Exchange 2016 Hybrid and were waiting on this feature.
Finally. We can get rid of that old Exchange 2016 user management server. I have been waiting for this for the past 5 years. If this works as advertised, big thanks to the MS Exchange team. Anyone tried the process yet to remove a last Exchange 2016 server and move across to the Exchange 2019 PowerShell management tools? Can't wait to do this but cannot really test it as I don't have extra hybrid environments...
Thanks for the information and update. We will perform the test installation in the coming days and production environments later on. I will update this post on our findings. As for now I can't read the information yet, because the CDNs are not fully in sync with the install notes (as mentioned), so will check that tomorrow.
Update 1: We have scheduled the installs of production environments starting next week and plan to do the last one before Patch Tuesday in May (to remain in chronological order). In the test environment we have no issues. We phased out EXCH2013 completely and all are 2016 and 2019 now. Remaining 2016 will be migrated to 2019 (or successor) later this year. We found out that all UNC path functions are removed, except the UNC path for export/import function.
Update 2 (May 4th): We have upgraded all our managed environments. No issues have been found.
Keep up the good work! We want to keep the chronological order of software updates and be ready for possible May updates (if any will be released).
I had a quick question about this from the linked hybrid EMT documentation:
"Once you shut down your last Exchange server and perform the Exchange hybrid and Active Directory cleanup steps listed above, you should erase and reformat your last Exchange server. Do Not Uninstall the Exchange Server."
What are the implications of uninstalling the last Exchange server? We have onboarded a few orgs over the years who were previously migrated to Exchange Online and then uninstalled all of their Exchange servers so I'm curious as to how we go about setting up the Exchange Management Tools in that situation.
Thank you for the release and we will be testing it soon.
Whatever happened to the fix for the issue with the March SU for Exchange 2013 (KB5013118)? Did we forget about that?
re: Customers have told us (that quarterly updates are) too frequent and that it hinders their ability to stay current
I've never heard anyone say that ever and don't recall it being mentioned in these forums - certainly not enough to remember and as with previous pronouncements about what "customers have told us" it all seems very convenient. You don't listen to or even comment on the vast majority of what people that are very involved in Exchange have been suggesting in these forums for years yet you make changes based on these mythical "customers".
re: "Customers also tell us that December is not a good time to release a CU, which is why we didn’t release any in December 2021."
I've never heard that either. December is a great time to release a CU. If you have a change freeze or too many people away on holiday in December, you install it in January after you've enjoyed your time off and you have the benefit of seeing if it caused a problem for anyone back in December. "Will the new CU kill my Exchange server?" is a question that people ask out here in the real world.
re: "moving to a release cadence of two CUs per year .... target release dates of March and September. .... But our release dates are driven by quality, so we might release updates in April or October, or some other month"
So the new cadence means nothing really. You'll release (and inexplicably delay the release of) fixes as you see fit and generate confusion, especially in these forums about what order to install the "Hx" CU releases versus the off-schedule releases versus the SU's etc. You've been playing with the cadence and terminology (Hx CU, CU, SU, Service Pack, Rollup and whatever else I've forgotten) for years since Exchange 4.0 but nothing really changes.
Quarterly CUs were a reasonable approach but you've chosen to muddy the waters yet again for no apparent reason outside of what "Customers have told us".
"...shut down their last Exchange server(s) and use Windows PowerShell for recipient management. "
Glorious. Thought this day would never come!
Would you be so kind to update the following article (solution is missing): https://support.microsoft.com/de-de/topic/invalid-new-auth-certificate-for-servers-that-are-not-on-u... The english version is also not complete
It's great to finally have the CU released, but it looks like no changes have been made to the BigFunnel Indexing and search issues.
So disappointed. It's been 12 months since we could search for emails in Outlook OWA or Desktop.
The mystery of why we don't uninstall the last server is interesting, but all the caveats seem totally fair and understandable.
Making free Hybrid keys for Exchange 2019 is a very welcomed kind gesture. Thank you!
The Release cadence change, does seem funny how few years it takes before Microsoft changes its mind. But at this point it's clear and should be expected that there are always going to be these changes and the different products are like planets that only line up for a short period of time. Right now they're looking pretty aligned!
Next up we should expect a few product and feature name changes designed to keep everyone on their toes (especially students and exam takers). But seriously please don't =).
Install went smoothly.
Is this possible after to in place upgrade Windows 2019 to 2022?
I lost hope for solution to get rid of last local server so long ago, so even missed this bit when skimming through this article :D Of course, we got rid of last server long time ago and used the unofficial path (ADUC and such), but it is finally official. Took only how many years? :)
shut down your last Exchange server, and manage recipients using Windows PowerShell....
So, the last Exchange Server can still not be uninstalled
Thanks for listening to the user feedback and bringing the hybrid license for Exchange Server 2019! Much appreciated.
Agree with previous comments that semi-annual CUs are not frequent enough and will likely lead to even more non-compliant systems and more emergency hotfixes. Emergency hotfixes in the past 2 years were much harder to keep up with than a regular and plannable CU strategy.
Please reconsider the consequences of changing this schedule. I don't believe that Exchange Online will only see semi-annual updates.
Can you leave any follow-up plans for Exchange Server vNext and the free "step-up"?
Customers having on-premises Exchange are wondering why there is no Exchange Server 2022 or similar announced, late after Windows Server 2022 is released. Thank you very much!
@kwester-ebbinghaus-business Understood, but we have nothing to announce on that subject at this time. This is a separate subject and we fully understand that there has been lack of information.
@Mukesh Srivastava Please check out linked documentation about this new management feature; there are very good reasons why the server cannot be uninstalled, but that does not mean it cannot be removed. :) Too much to get into in the announcement blog post but I think Docs article covers it.
@StanthewiZZard If by this you mean if you can in-place upgrade the OS under the running Exchange Server, then the answer is no; that is not supported (never was).
@gjsigma This is an unsupported situation; the problem with uninstalling the last server is that it pulls out AD objects that are needed for management via PowerShell. We have not validated this scenario but likely it involves creating a new organization (starting from scratch) using the same organization name. Note again, this is not a scenario that we support.
@swm011010 You are right; we did not provide enough information in related KB article (something we are working on).
In the announcement you state that "CU12 also introduces support for running Exchange Server 2019 on Windows Server 2022 and in environments that use Windows Server 2022 Active Directory servers."
In the table below that you then state that "Windows Server 2022 AD" is "Supported".
Since "Windows Server 2022 AD" is not the same as "Windows Server 2022 Active Directory Servers", are you announcing a heretofore non-existent Domain/Forest functional level for Active Directory?
Looking forward to your always timely, accurate and thoughtful response
@Sam_T the note is about domain controllers running Windows Server 2022. Exchange 2019 CU12 is supported in an Active Directory Domain Services environment with DCs running Windows Server 2022.
So Exchange CU12 can't run on Windows 2022 at all (fresh install or in-place upgrade).
@StanthewiZZard Please have a look at the Supportability Matrix if unclear: Exchange Server supportability matrix | Microsoft Docs
Hi Paul. I understand completely what was announced in terms of support for domain controllers. Do you understand that in the table you then state that "Windows Server 2022 AD" is "Supported"? That's implying that you are supporting a non-existent domain/forest functional level. Did you understand my post?
There are different tables: one is for supported domain controllers, other tables refer to FFL / DFL. This can differ. Always check the en-us pages, as others are manually translated and are prone to not be updated in time.
In-place upgrade: not for the moment (hope for the next CU).
Fresh install: supported.
So will this be the "last" cumulative update for Exchange Server 2016? This is now the fourth "last" CU. Some more proactive communications about this would have been appreciated especially for those of us who just upgraded our entire Exchange Server 2016 fleet to CU22 last week. ;)
@StanthewiZZard I don't understand your comment, though. A "fresh install" of Exchange Server 2019 on the Windows Server 2022 OS should be done using the Exchange 2019 CU12 bits (.ISO file). Our cumulative updates are "whole product" so you do not need to start from Exchange Server 2019 RTM code and then upgrade to CU12. You just start from CU12 if you want to install on top of Windows Server 2022 OS.
Upgrading Windows under Exchange Server was never supported (between major Windows versions) so that support is not coming now or in the future Exchange CU.
Hi @Nino Bilic, thanks for the important notice. Can you please have a PR filed on docs.microsoft.com to include this note: "Upgrading Windows under Exchange Server was never supported (between major Windows versions) so that support is not coming now or in the future Exchange CU."
Just saying because:
Upgrading from Windows Server 2019 with Exchange Server 2019 to Windows Server 2022 might be tempting. In-place upgrades are really easy, and upgrading to Windows Server 2022 does not change / downgrade .NET or PowerShell (WMF 5.1).
@janelson This is the last* CU for Exchange Server 2016.
* - reality of the situation is that if some pressing need arises that would make releasing another CU the right thing to do for our customers, we would do it. But we do not have plans to release another CU for Exchange Server 2016.
Windows 2022 needs a fresh install, as upgrading Windows 2019 with Exch2019 is not supported.
I do know that the CU is the full Exchange install :)
You should change the matrix because "not supported for the moment" implies that it will be in the future.
So "not supported" would be preferable.
So now, I need:
To install a new WS2022
Install CU12 on it
If you wanted your customer to turn to other solution (cloud maybe) you would be doing the other way.
MS is still MS (a mess)
Thanks for the explanations
@kwester-ebbinghaus-business and @StanthewiZZard Fair point; I'll clarify the Supportability Matrix so we state that we do not support WS 2019 > 2022 in-place upgrades, now (we say this already) or in the future (will clarify this).
@Sam_T, yes, I understand how that can be inferred. The post above was updated to "Windows Server 2022 AD Servers", matching what's listed in the Supported Active Directory environments section of the Exchange Server supportability matrix.
Hi @Nino Bilic
If I run CleanupActiveDirectoryEMT.ps1, will it be possible to install an Exchange Server again?
You posted that uninstalling the last Exchange server is unsupported.
What about a fresh new AD?
Do I have to install an Exchange Server to be in a supported scenario, or is it sufficient to just install the Exchange 2019 CU12+ Management tools?
A minor suggestion on the "Manage recipients in Exchange Hybrid environments using Management tools" documentation. You might want to move the warning about not uninstalling Exchange to the top of the instructions instead of the bottom. I can see a number of people not noticing that until it's too late. Not everyone reads the manual before doing things.
Reading through the list of fixes I really asked myself who decided to remove the ability to use UNC paths in management cmdlets.
Especially the side effect of removing most of the certificate management tasks from ECP is a bummer.
One clarification, based on the matrix, it means that the Ex2019 CU12 management tools can only be installed on WS2019, WS2022 server and Win10 client. But not on WS2016 Servers?
@Cynrik Yes, using E2019 management tools in a scenario where AD did not have an Exchange Server installed ever is also supported, yes. We are adding this to the documentation. You will have to extend the schema etc. of course.
Does it work if I first uninstall the last Exchange server and afterwards install the Management Tools?
@Cynrik We do not support you uninstalling the last Exchange server. We specifically say that the last server should not be uninstalled, rather, the server should be shut down and then yes you can use the cleanup script to remove some AD objects but not by uninstalling of the server (if by 'uninstalling' you mean running Exchange setup and uninstalling Exchange from the last server).